summaryrefslogtreecommitdiffstats
path: root/sys/netgraph
Commit message (Collapse)AuthorAgeFilesLines
* In the current world order, solisten() implements the state transition ofrwatson2005-02-212-25/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a socket from a regular socket to a listening socket able to accept new connections. As part of this state transition, solisten() calls into the protocol to update protocol-layer state. There were several bugs in this implementation that could result in a race wherein a TCP SYN received in the interval between the protocol state transition and the shortly following socket layer transition would result in a panic in the TCP code, as the socket would be in the TCPS_LISTEN state, but the socket would not have the SO_ACCEPTCONN flag set. This change does the following: - Pushes the socket state transition from the socket layer solisten() to to socket "library" routines called from the protocol. This permits the socket routines to be called while holding the protocol mutexes, preventing a race exposing the incomplete socket state transition to TCP after the TCP state transition has completed. The check for a socket layer state transition is performed by solisten_proto_check(), and the actual transition is performed by solisten_proto(). - Holds the socket lock for the duration of the socket state test and set, and over the protocol layer state transition, which is now possible as the socket lock is acquired by the protocol layer, rather than vice versa. This prevents additional state related races in the socket layer. This permits the dual transition of socket layer and protocol layer state to occur while holding locks for both layers, making the two changes atomic with respect to one another. Similar changes are likely require elsewhere in the socket/protocol code. Reported by: Peter Holm <peter@holm.cc> Review and fixes from: emax, Antoine Brodin <antoine.brodin@laposte.net> Philosophical head nod: gnn
* Reimplement recursion protection, checking whether current thread holdsglebius2005-02-191-0/+6
| | | | | | sockbuf mutex. Reviewed by: rwatson
* Remove a recursion protection, which we inherited from splnet() netgraph times.glebius2005-02-161-9/+0
| | | | | | | | Now several threads may write data to ng_ksocket. Locking of socket is done in sosend(). Reviewed by: archie, julian, rwatson MFC after: 2 weeks
* Make WITNESS happier:glebius2005-02-141-20/+14
| | | | | | | | - refactor ngd_constructor, so that make_dev() is called without any locks held, since it mallocs memory with M_WAITOK flag. - rename global mtx, to have name different to per-node mtx MFC after: 2 weeks
* Add new netgraph control message NGM_ETHER_DETACH, which actuallyglebius2005-02-142-0/+11
| | | | | | | | | removes netgraph node and unwraps Ethernet interface. This gives us ability to unload ng_ether.ko, when all interfaces are detached, making ng_ether(4) developers happy. Reviewed by: ru
* Bump cookie value to reflect change in NGM_IFACE_GET_IFNAME semantics.archie2005-02-131-2/+2
|
* Drop mythical module dependency on ng_ether.ru2005-02-131-2/+0
|
* Restore previous cookie. Old programs will work with new node OK,glebius2005-02-121-1/+1
| | | | | | | new programs with old node wil receive EINVAL trying to access new messages. Submitted by: ru
* - bzero sockaddr_dlglebius2005-02-121-8/+4
| | | | | | - use constant instead of number Suggested by: ru
* Fix typo in a comment.ru2005-02-121-1/+1
|
* Fallout from the ALTQ import.ru2005-02-121-1/+1
|
* Allocate enough space for new tag.glebius2005-02-121-1/+2
| | | | Pointy hat to: glebius
* When netgraph(4) was converted to use mbuf_tags(9) instead of meta-dataglebius2005-02-122-3/+10
| | | | | | | | | | | | | a definite setup was broken: two ng_ksockets are connected to each other, connect()ed to different remote hosts, and bind()ed to different local interfaces. In this case one ng_ksocket is fooled with tag from the other one. Put node id into tag. In rcvdata method utilize tag only if it has our own id inside or id equals zero. The latter case is added to support packets send by some third, not ng_ksocket node. MFC after: 1 week
* Add two new netgraph messages NGM_ETHER_ADD_MULTI and NGM_ETHER_DEL_MULTI,glebius2005-02-122-2/+59
| | | | | | | to join and leave Ethernet multicast membership, respectively. Messages take MAC address as argument. Sponsored by: Rinet ISP
* Removed redundant MODULE_VERSION().ru2005-02-122-2/+0
|
* Make netgraph ISR and callout MPSAFE.glebius2005-02-122-4/+3
| | | | Reviewed by: rwatson, ru
* style: fix indentation and spacing.glebius2005-02-111-4/+4
| | | | Submitted by: ru
* Do not trust ipfw: check m_len always, not only after m_dup.glebius2005-02-111-2/+5
| | | | Submitted by: ru
* - do m_pullup() after m_dup()glebius2005-02-111-3/+4
| | | | | | - clean style in previous commit Suggested by: ru
* pullup to sizeof struct ip before sending to ip_output.glebius2005-02-111-1/+7
| | | | Suggested by: ru
* Packets from ipfw come with IP header in host byte order. Netgraph worksglebius2005-02-111-9/+12
| | | | | | | with net byte order. Change byte order to net in ng_ipfw_input(), change byte order to host before ip_output(), do not change before ip_input(). In collaboration with: ru
* Make M_NETGRAPH_ETF staticphk2005-02-101-1/+1
|
* Fix incorrect comment.archie2005-02-101-1/+1
| | | | Submitted by: James Bowman <jamesb@acelere.net>
* In revision 1.29 timeout() was converted to ng_callout().ru2005-02-091-15/+9
| | | | | | | | | | | | | | | | | | | | | The difference is that the callout function installed via the ng_callout() method is guaranteed to NOT fire after the shutdown method was run (when a node is marked NGF_INVALID). Also, the shutdown method and the callout function are guaranteed to NOT run at the same time, as both require the writer lock. Thus we can safely ignore a zero return value from ng_uncallout() (callout_stop()) in shutdown methods, and go on with freeing the node. The said revision broke the node shutdown -- ng_bridge_timeout() is no longer fired after ng_bridge_shutdown() was run, resulting in a memory leak, dead nodes, and inability to unload the module. Fix this by cancelling the callout on shutdown, and moving part responsible for freeing a node resources from ng_bridge_timer() to ng_bridge_shutdown(). Noticed by: ru Submitted by: glebius, ru
* bzero() -> M_ZERO.ru2005-02-083-5/+2
|
* Improve parsing of hook name.glebius2005-02-071-6/+8
| | | | Submitted by: ru
* Whitespace.glebius2005-02-061-9/+9
|
* Remove comment which left after removal of ng_rcvdataq_t.glebius2005-02-061-1/+1
| | | | MFC after: 1 week
* Increase size of arglen to uint32_t, since uint16_t proved to beglebius2005-02-051-7/+7
| | | | | | not enough (e.g. listing 911 nodes). Bump NG_VERSION. Reviewed by: julian, archie, ru
* Add a ng_ipfw node, implementing a quick and simple interface betweenglebius2005-02-052-0/+371
| | | | | | ipfw(4) and netgraph(4) facilities. Reviewed by: andre, brooks, julian
* Expire aged flows in normal expiry thread. This fixes the problem, whenglebius2005-02-051-1/+2
| | | | a node disconnected from all sources of traffic never purges its cache.
* Break long lines in code and comments.glebius2005-02-051-15/+18
|
* Create a per-module mutex on MOD_LOAD, and destroy it on MOD_UNLOAD.ru2005-02-055-5/+97
| | | | | | (This fixes witness_destroy() panic after module unload.) OK'ed by: rwatson, julian
* Do check that version of a message from userland matches ours.glebius2005-02-041-0/+5
| | | | MFC after: 3 days
* - Fix build with TRACE_MESSAGES definedglebius2005-02-041-2/+2
| | | | - Remove extra parenthesis
* Parse "getifname" using the standard parse string type.ru2005-02-034-57/+12
| | | | | | | Fixed an off-by-one error when dealing with interface name (if_xname is NUL-terminated). Don't waste time making a copy of if_xname in constructor.
* Fixed an off-by-one error when dealing with interface nameru2005-02-031-9/+6
| | | | | | (if_xname is NUL-terminated). Don't waste time making a copy of if_xname in attach().
* Fixed an off-by-one error when dealing with interface nameru2005-02-033-6/+6
| | | | (if_xname is IFNAMSIZ-sized and NUL-terminated).
* Added ASCII version of the NGM_EIFACE_GET_IFNAME message, "getifname".ru2005-02-032-14/+10
|
* Removed unused includes.ru2005-02-031-3/+0
|
* Fix the comment.ru2005-02-021-2/+2
|
* Whitespace and "const" changes to reduce diffs to RELENG_4.ru2005-02-022-88/+90
| | | | (Gives the same object when compiled without NETGRAPH_DEBUG.)
* In case of various tunneling protocols, mbuf may pass several interfacesglebius2005-02-011-3/+5
| | | | | | | | | before entering ng_netflow. In this case it will have not NULL m_pkthdr.rcvif. However, it will enter ng_iface soon with another index. So let in_ifIndex value configured by user override m_pkthdr.rcvif. Reported by: Damir Bikmuhametov MFC after: 1 week
* Rename ng_callout_trapoline to ng_callout_trampoline.glebius2005-01-261-3/+3
| | | | Requested by: ru
* With recent changes to _callout_stop_safe() we can remove a hackglebius2005-01-251-6/+1
| | | | in ng_uncallout().
* Fix an evil typo.glebius2005-01-241-1/+1
| | | | | Submitted by: Roselyn Lee MFC after: 3 days
* Use log() instead of printf(), to reduce flood on console.glebius2005-01-202-5/+9
| | | | MFC after: 1 week
* Ups, misprint, change and => add.rik2005-01-161-1/+1
| | | | Submitted by: ru
* Fix comment. Code 0x95 means locking shift to codeset 5 according torik2005-01-161-2/+2
| | | | | | | T1.617 AnnexD. Locking shift procedure is described in ANSI T1.607. MFC after: 3 days
* Fix variable name in comment num=>alen. (Lost part of commit rev 1.2)rik2005-01-161-1/+1
| | | | MFC after: 3 days
OpenPOWER on IntegriCloud